I had a quick look at the python source code and fileobject.c is one of the core classes which, I would imagine, is why a reference can be obtained. The other classes (method, dictionaries etc) don't look so much of a liability. I'll maybe try disabling the fopen calls in fileobject and see if it breaks anything (I've no need to open/close files using the standard libraries).
Are there any other holes you can think of in the following scenario- I disable all builtins except import which I protect in my 'Isolate' class, I then only allow import to import a single module name. Thanks for the speedy and informative replies. RMM -- http://mail.python.org/mailman/listinfo/python-list
